- Monitored network traffic for suspicious activity using SIEM tools such as Splunk and Cisco EDR tools.
- Analyzed logs from various sources, including web servers, application servers, databases, IDS, and IPS systems, for possible security breaches.
- Maintained up-to-date knowledge of cyber threat landscape by researching latest attack trends and techniques used by attackers.
- Responded promptly to any reported issues or alerts related to system or network security.
- Managed user authentication and authorization of data access.
- Performed analysis of triggered alerts from endpoint and security solutions such as antivirus, EDR, SIEM, Snort, and AWS.
- Monitored endpoints for suspicious activity and investigated incidents, including remediation, tracking, and follow-up for incident closure with the concerned teams and stakeholders.
- Followed up with the incident response team for remediation.
- Performed deep-dive analysis of triggered alerts using SIEM and other analysis tools.
- Collaborated with IT teams to develop comprehensive cybersecurity strategies, reducing risks from external attacks.
- Developed and maintained detailed documentation on security processes, facilitating knowledge transfer and ensuring consistency in procedures.